<!doctype html>
<html lang="zh_cn" itemscope itemtype="http://schema.org/Person">
<head>
            <meta charset="utf-8">
        <!-- Site Meta Data -->
        <title>阿里云ECS免费 https 证书申请和 nginx 配置</title>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="description" content="技术博客,涉及Java/PHP/Python/Javascript等,聊聊程序,聊聊生活,聊聊事实,聊聊育儿">
        <meta name="keywords" content="编码经验,技术分享,生活积累,实事评说">
        <meta name="author" content="布丁缘">

        <link rel="shortcut icon" href="">

        <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,600,700' rel='stylesheet' type='text/css'>
        <!-- Style Meta Data -->
        <link rel="stylesheet" href="https://www.ddkiss.com/theme/css/style.css" type="text/css"/>
        <link rel="stylesheet" href="https://www.ddkiss.com/theme/css/pygments.css" type="text/css"/>

        <!-- Feed Meta Data -->
            <link href="https://www.ddkiss.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate"
                  title="一个程序员的简单生活 ATOM Feed"/>


    <meta name="keywords" content="">
    <link rel="stylesheet" href="//dn-coding-net-public-file.qbox.me/Coding-Comments/v0.1.0/default.css">
</head>

<body>
<!-- Sidebar -->
<aside>
    <center><h1><a href="/" style="color:#fff"><img id="avatar" src="/images/avatar.jpg"></a></h1></center>
        <p>一个程序员的简单生活</p>
    <br>
    <nav class="nav">
        <ul class="list-bare">
                <li><a class="nav__link" href="https://www.ddkiss.com/category/chang-yong-ji-qiao.html">常用技巧</a></li>
                <li><a class="nav__link" href="https://www.ddkiss.com/category/kai-fa-huan-jing.html">开发环境</a></li>
                <li><a class="nav__link" href="https://www.ddkiss.com/category/sheng-huo-dian-di.html">生活点滴</a></li>

                <li><a class="nav__link" href="/pages/books.html">书单</a></li>
                <li><a class="nav__link" href="/pages/movies.html">影单</a></li>
                <li><a class="nav__link" href="/pages/downloads.html">下载</a></li>
                <li><a class="nav__link" href="/pages/about.html">关于我</a></li>


        </ul>
    </nav>


    <form>
      <input type="text"  id="bdcsMain"/>
    </form>

</aside>

<!-- Content -->
<article>
  <main>
    <nav>
      <a href="/">首页</a>
      <a href="/archives.html">归档</a>
      <a href="/categories.html">分类</a>
      <a href="/tags.html">标签</a>
      <a href="/pages/about.html">关于我</a>
    </nav>
  </main>
    <section id="content">
        <article>
            <h2 class="post_title post_detail"><a href="https://www.ddkiss.com/archives/55.html" rel="bookmark"
                                                  title="Permalink to 阿里云ECS免费 https 证书申请和 nginx 配置">阿里云ECS免费 https 证书申请和 nginx 配置</a></h2>

            <div class="post_list">
                <span>作者：</span><a href="https://www.ddkiss.com/author/bu-ding-yuan.html">布丁缘</a>
                <span class="post_category">分类：<a href="https://www.ddkiss.com/category/kai-fa-huan-jing.html" rel="bookmark"
                                               title="Permalink to 开发环境">开发环境</a></span>
                <span class="post_date">  时间：2017-10-10 16:06:00</span>

            </div>
            <div class="entry-content blog-post">
                <p>全名上云的时代大家都争相启用HTTPS，我也不免俗。好在阿里云提供了免费的CA证书，这便宜不占？！</p>
<h2>申请</h2>
<p>点击<a href="https://common-buy.aliyun.com/?spm=5176.2020520163.cas.4.406f1768MgJd1L&amp;commodityCode=cas#/buy">购买证书</a></p>
<p><img alt="Selection_034.png" src="https://www.ddkiss.com/usr/uploads/2017/10/1939265061.png"></p>
<p>确认订单。</p>
<p><img alt="Selection_035.png" src="https://www.ddkiss.com/usr/uploads/2017/10/4256852610.png"></p>
<p>完成信息<code>补全</code>后等待审核。阿里云会自动在DNS解析里加上一条TXT记录，注意要暂停所有CNAME解析。</p>
<p><img alt="Selection_037.png" src="https://www.ddkiss.com/usr/uploads/2017/10/766287414.png"></p>
<p>然后就可以看到状态为<code>已签发</code>。选择Nginx配置，下载证书。吐槽下，我是晚上申请的，但是第二天早上都还在审核中。中午重写配置了DNS解析，撤回。再申请，没过一会儿，刷新页面就发现签发了。不知为何……</p>
<p><img alt="Selection_038.png" src="https://www.ddkiss.com/usr/uploads/2017/10/1785278547.png"></p>
<h2>Nginx配置</h2>
<p>将下载的证书zip包解压到nginx目录下cert文件夹中(自己新建文件夹)。然后配置443端口信息。</p>
<div class="highlight"><pre><span></span> <span class="nt">server</span> <span class="p">{</span>
                <span class="err">listen</span>    <span class="err">443</span> <span class="err">ssl</span> <span class="err">http2</span><span class="p">;</span>
                <span class="err">ssl_certificate</span>   <span class="err">cert/2142887522***28.pem</span><span class="p">;</span>
                <span class="err">ssl_certificate_key</span>  <span class="err">cert/2142887522***28.key</span><span class="p">;</span>
                <span class="err">ssl_session_timeout</span> <span class="err">5m</span><span class="p">;</span>
                <span class="err">ssl_ciphers</span> <span class="n">ECDHE-RSA-AES128-GCM-SHA256</span><span class="p">:</span><span class="n">ECDHE</span><span class="o">:</span><span class="n">ECDH</span><span class="o">:</span><span class="n">AES</span><span class="o">:</span><span class="n">HIGH</span><span class="o">:!</span><span class="n">NULL</span><span class="o">:!</span><span class="n">aNULL</span><span class="o">:!</span><span class="n">MD5</span><span class="o">:!</span><span class="n">ADH</span><span class="o">:!</span><span class="n">RC4</span><span class="p">;</span>
                <span class="err">ssl_protocols</span> <span class="err">TLSv1</span> <span class="err">TLSv1.1</span> <span class="err">TLSv1.2</span><span class="p">;</span>
                <span class="err">ssl_prefer_server_ciphers</span> <span class="err">on</span><span class="p">;</span>
                <span class="err">server_name</span>  <span class="err">www.ddkiss.com</span><span class="p">;</span>
                <span class="err">root</span> <span class="err">/home</span><span class="c">/***/</span><span class="err">blog</span><span class="p">;</span>
                <span class="err">index</span> <span class="err">index.php</span> <span class="err">index.html</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>


<p>然后，将所有的http请求重写(301跳转)。</p>
<div class="highlight"><pre><span></span><span class="nt">server</span><span class="p">{</span>
        <span class="err">listen</span> <span class="err">80</span><span class="p">;</span>
        <span class="err">server_name</span> <span class="err">www.ddkiss.com</span> <span class="err">ddkiss.com</span><span class="p">;</span>
        <span class="err">rewrite</span> <span class="err">^(.*)$</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="err">$</span><span class="n">host</span><span class="err">$</span><span class="mi">1</span> <span class="n">permanent</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>


<p>完工！就是这么简单。</p>
            </div>
            <div class="post_list">
              <div><span>Tags : </span>
              </div>
            </div>
        </article>
        <div id="container"></div>
        <script type="text/javascript" src="//dn-coding-net-public-file.qbox.me/Coding-Comments/v0.1.0/gitment.min.js"></script>
        <script>
            var gitment = new Gitment({
              owner: 'whusl',
              repo: 'BlogComments',
              oauth: {
                client_id: '621866266817529fba46681653017809',
                client_secret: '14188411740b12ae52159cee9b586bf85cd54125',
              },
            })
            document.getElementById('container').appendChild(gitment.render())
          </script>
    </section>
</article>

<!-- Footer -->
    <footer>
        <p> &copy;2017-2020&nbsp;<a href="http://www.miitbeian.gov.cn/" target="_blank">鄂ICP备17020200号</a>
          Blog powered by <a href="http://getpelican.com/">Pelican</a>
        </p>
    </footer>

    <!-- Analytics -->
    <script>
      var _hmt = _hmt || [];
      (function() {
        var hm = document.createElement("script");
        hm.src = "https://hm.baidu.com/hm.js?88c55edaf311dbacac56a16316b04c8b";
        var s = document.getElementsByTagName("script")[0];
        s.parentNode.insertBefore(hm, s);
      })();
    </script>

<script type="text/javascript">(function(){document.write(unescape('%3Cdiv id="bdcs"%3E%3C/div%3E'));var bdcs = document.createElement('script');bdcs.type = 'text/javascript';bdcs.async = true;bdcs.src = 'http://znsv.baidu.com/customer_search/api/js?sid=14490611060029767912' + '&plate_url=' + encodeURIComponent(window.location.href) + '&t=' + Math.ceil(new Date()/3600000);var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(bdcs, s);})();</script>

</body>
</html>